A production-ready, AI-native platform that transforms static university infrastructure into a secure, high-performance, and cohesive student experience.
Syllabus Sync is a production-grade, security-hardened web platform that unifies academic scheduling, deadline intelligence, campus navigation, and student engagement into a single, cohesive experience. Built on Next.js 16, React 19, and Supabase with strict TypeScript throughout, it delivers the integrated campus infrastructure that universities promise but rarely ship.
Built initially for Macquarie University, it is designed to be adaptable to other institutions by swapping academic datasets and configuring environment variables. This project is a comprehensive portfolio piece that shows advanced full-stack engineering, rigorous cybersecurity implementations, and AI-native development workflows.
🔗 Live Demo · 📖 Docs · 🔐 Security · 🤝 Contributing
Traditional university systems are fragmented, leading to missed deadlines, poor campus discoverability, and sub-optimal student experiences. Syllabus Sync solves this by providing:
- Unified Academic Management: Seamless integration of enrolled units, class times, and assessment deadlines with stress-aware predictive tracking.
- Advanced Campus Navigation: Real-time, fused-heading campus navigation combining OpenStreetMap (Leaflet) and Google Maps Embed APIs, tailored for high-accuracy pedestrian routing.
- Enterprise-Grade Security: A defence-in-depth architecture featuring WebAuthn (Passkeys), hardware-backed MFA, Zero-Trust middleware, and strict Row-Level Security (RLS).
- Gamified Engagement: Secure, anti-abuse XP and streak mechanics to incentivise academic consistency.
University platforms are often decades-old monoliths with bolted-on features and poor mobile experiences. Students deserve better. Syllabus Sync was built to prove three things:
- A unified campus experience is technically achievable. Timetables, assessment deadlines, campus wayfinding, weather-aware planning, and gamified engagement belong in one application -- not scattered across five different portals.
- Security and usability are not trade-offs. This platform implements WebAuthn passkeys, hardware-backed MFA, and Zero-Trust middleware while maintaining sub-second page loads and a frictionless UX.
- AI-augmented engineering produces auditable, production-quality software. Every architectural decision and security hardening is traced through an immutable changelog.
| Dashboard | Calendar |
|---|---|
 |
 |
| Campus Map (Leaflet) | Campus Map (Google Maps) |
|---|---|
 |
 |
╔══════════════════════════════════════════════════════════════════════╗
║ 📄 Syllabus PDF → Structured JSON/Markdown via OCR + LLM pipeline ║
║ 🗓 Intelligent calendar with automated workload & stress analysis ║
║ 🗺 Dual-engine navigation: Leaflet + Google Maps, real-time GPS ║
║ 🔐 MFA (TOTP + WebAuthn/Passkey), RLS, CSRF, and rate limiting ║
║ 🌍 19 languages · Full RTL · WCAG 2.1 AA · 360px–2560px ║
║ 🎮 Gamification: XP, leaderboards, streaks, achievement system ║
║ 🔔 Context-aware notifications with multi-channel delivery ║
║ ⚡ CI/CD via GitHub Actions · 503 tests · Vercel Edge deployment ║
╚══════════════════════════════════════════════════════════════════════╝
Syllabus Sync is built on a modern, edge-ready tech stack designed for scalability, type safety, and zero-trust security.
| Layer | Technology |
|---|---|
| Framework | Next.js 16 (App Router) |
| UI | React 19, Tailwind CSS 4, Radix UI, Framer Motion |
| State | Zustand (persistent storage, SWR-like caching) |
| Database & Auth | Supabase PostgreSQL with enforced Row-Level Security (RLS) |
| Infrastructure | Vercel (Edge Middleware, Serverless Functions) |
| Rate Limiting | Upstash Redis (distributed) |
| Error Tracking | Sentry (client, server, edge) |
- Edge-First Security Middleware: All routing passes through Vercel Edge Middleware. Auth state, email verification gates, CSRF protection, and rate limiting are enforced at the edge.
- Distributed Rate Limiting: Uses Upstash Redis and explicitly fails closed in production if Redis is unconfigured, preventing bypass attacks during autoscaling events.
- Database-Level Atomicity: Critical operations (e.g., profile creation) are handled via PostgreSQL triggers to guarantee integrity.
- Optimistic UI with Additive Server Sync: Complex state uses optimistic updates backed by an additive merge strategy to eliminate race conditions.
- Proxy Middleware Auth Gate: All
/api/*routes require authentication by default, ensuring security-by-default for new endpoints.
Deep Dive: Technical Explanation | Architecture Reference
Security is a structural constraint, with defence-in-depth across every layer.
- Authentication: FIDO2 WebAuthn (Passkeys restricted to platform authenticators), hardware-backed MFA (TOTP), and audited session termination.
- Authorisation: Absolute tenant isolation via PostgreSQL Row-Level Security (RLS) at the query execution layer.
- Data Protection: Encryption at rest (AES-256), in transit (TLS 1.3), and strict Content Security Policy (CSP).
- Compliance: Tamper-evident audit logging for all sensitive system and user operations.
For Security Reviewers: Security Posture Report | Security Evidence Index
Developed using the Raouf Change Protocol, orchestrating agents for production-grade software engineering.
- Unit test generation covering happy paths, auth failures, and edge cases.
- Regression test scaffolding following every bug fix.
- Migration authoring drafting Supabase migration SQL from schema descriptions.
docs/api/API_REFERENCE.md— Auto-validated request/response schemas.docs/architecture/ARCHITECTURE.md— Constraint document used during code reviews.CHANGELOG.md— Immutable ledger of every architectural decision and fix.
Released under the MIT License — an OSI-approved, permissive open-source license.
- P0: Standalone
@syllabus-sync/extractorpackage for LLM OCR pipelines. - P1: Reference dataset forks for USYD and UNSW.
- P1: MCP (Model Context Protocol) server for direct agent integration.
- P2: Federated identity via institution SSO (SAML/OIDC).
| Name | Role |
|---|---|
| Mohammad Pouya Alavi Naeini | Lead maintainer — architecture, infrastructure |
| Mohammad Raouf Abedini | Co-maintainer — security, AI workflows, backend |
app/ Next.js routes, layouts, 65 API route handlers
components/ Shared UI and layout components
config/ ESLint, Next, Prettier, Sentry, Tailwind, TS, Vitest, Lighthouse
data/ Static academic data (unit catalogue, building maps)
docs/ Architecture, operations, API, policy, security, reference docs
features/ Feature-first client modules (home, calendar, map, settings, auth)
infra/ Docker assets
lib/ Stores, hooks, services, security, utilities, Supabase clients
locales/ 35 locale dictionaries
public/ Static assets, icons, map tiles, overlays, service worker
supabase/ Canonical migration history and configuration
tests/ Vitest suites (93 files, 503 tests)
tools/ Repo utilities (i18n, security, exports, load testing)
Full Inventory: Repository Inventory
- Node.js
>=22 <23 - npm
>=10 - Supabase project and Upstash Redis instance
# Clone and install
git clone https://github.com/mrpouyaalavi/syllabus-sync.git
cd syllabus-sync
npm install
# Configure environment
cp .env.example .env.local
# Initialise database
npx supabase link --project-ref <your-project-ref>
npx supabase db push
# Start development
npm run devnpm run check
# Runs: secrets scan → format → typecheck → lint → 503 tests → build| Document | Path |
|---|---|
| Architecture | docs/architecture/ARCHITECTURE.md |
| Technical Explanation | TECHNICAL_EXPLANATION.md |
| API Reference | docs/api/API_REFERENCE.md |
| Environment Setup | docs/operations/ENVIRONMENT_SETUP.md |
| Deployment Checklist | docs/operations/deployment-checklist.md |
| Docs Index | docs/README.md |
| Security Policy | SECURITY.md |
Built with the support of the open-source community. This project benefits from:
- Anthropic Claude — AI-assisted architecture and security auditing.
- Supabase — Open-source backend with RLS.
- Vercel — Edge deployment infrastructure.
> Target : Pouya Alavi Naeini — Full-Stack Developer , Raouf Abedini — Back-end Developer
> University : Macquarie University, Sydney, NSW
> Status : [●] ONLINE — open to grad & junior opportunities
Syllabus Sync is an independent open-source project and is not officially affiliated with Macquarie University.